devteam/sharenet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix problems with deleting test repository from registry
Some checks are pending
CI/CD Pipeline / Test Backend (push) Waiting to run
Details
CI/CD Pipeline / Test Frontend (push) Waiting to run
Details
CI/CD Pipeline / Build and Push Docker Images (push) Blocked by required conditions
Details
CI/CD Pipeline / Deploy to Production (push) Blocked by required conditions
Details

Browse source
This commit is contained in:
continuist 2025-06-28 19:32:04 -04:00
parent 69690f9391
commit 9420de4105
1 changed files with 19 additions and 158 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

177
CI_CD_PIPELINE_SETUP_GUIDE.md
View file

@ -557,10 +557,12 @@ services:
networks: networks:
- registry_network - registry_network
healthcheck: healthcheck:
test: ["CMD", "curl", "-k", "-f", "https://localhost:5000/v2/_catalog"] test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "https://localhost:5000/v2/", "--no-check-certificate"]
interval: 30s interval: 30s
timeout: 10s timeout: 10s
retries: 3 retries: 3
start_period: 40s
registry-ui: registry-ui:
image: joxit/docker-registry-ui:latest image: joxit/docker-registry-ui:latest
@ -636,7 +638,7 @@ http {
# Proxy registry API requests # Proxy registry API requests
location /v2/ { location /v2/ {
proxy_pass http://registry_api; proxy_pass https://registry_api;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@ -644,6 +646,7 @@ http {
proxy_connect_timeout 30s; proxy_connect_timeout 30s;
proxy_send_timeout 30s; proxy_send_timeout 30s;
proxy_read_timeout 30s; proxy_read_timeout 30s;
proxy_ssl_verify off;
} }
# Proxy registry UI requests # Proxy registry UI requests
@ -687,155 +690,6 @@ docker compose up -d
exit exit
``` ```
#### 4.6.1 Restart Registry with Updated Configuration
If you've already started the registry and then updated the `REGISTRY_URL` in the docker-compose.yml file, you need to restart the containers for the changes to take effect:
```bash
# Switch to SERVICE_USER (registry directory owner)
sudo su - SERVICE_USER
cd /opt/registry
# Stop and remove the existing containers
docker compose down
# Start the containers with the updated configuration
docker compose up -d
# Exit SERVICE_USER shell
exit
```
**Note**: This step is only needed if you've already started the registry and then updated the `REGISTRY_URL`. If you're starting fresh, Step 4.6 is sufficient.
#### 4.6.2 Troubleshoot Connection Issues
If you get "Unable to Connect" when accessing `https://YOUR_CI_CD_IP:8080`, run these diagnostic commands:
```bash
# Switch to SERVICE_USER (registry directory owner)
sudo su - SERVICE_USER
cd /opt/registry
# Check if all containers are running
docker compose ps
# Check container logs for errors
docker compose logs nginx
docker compose logs registry-ui
docker compose logs registry
# Check if nginx is listening on port 8080
netstat -tlnp | grep :8080
# Test nginx directly
curl -k https://localhost:8080
# Exit SERVICE_USER shell
exit
```
**Common Issues and Solutions:**
- **Container not running**: Run `docker compose up -d` to start containers
- **Port conflict**: Check if port 8080 is already in use
- **SSL certificate issues**: Verify the certificate files exist and have correct permissions
- **Firewall blocking**: Ensure port 8080 is open in your firewall
#### 4.6.3 Fix Container Restart Issues
If containers are restarting repeatedly, check the logs and fix the configuration:
```bash
# Switch to SERVICE_USER (registry directory owner)
sudo su - SERVICE_USER
cd /opt/registry
# Stop all containers
docker compose down
# Check if SSL certificates exist
ls -la ssl/
# If certificates don't exist, generate them
if [ ! -f ssl/registry.crt ]; then
echo "Generating SSL certificates..."
mkdir -p ssl
openssl req -x509 -newkey rsa:4096 -keyout ssl/registry.key -out ssl/registry.crt -days 365 -nodes -subj "/C=US/ST=State/L=City/O=Organization/CN=YOUR_CI_CD_IP"
chmod 600 ssl/registry.key
chmod 644 ssl/registry.crt
fi
# Check if nginx.conf exists
ls -la nginx.conf
# If nginx.conf doesn't exist, create it
if [ ! -f nginx.conf ]; then
echo "Creating nginx configuration..."
cat > nginx.conf << 'EOF'
events {
worker_connections 1024;
}
http {
upstream registry_ui {
server registry-ui:80;
}
upstream registry_api {
server registry:5000;
}
server {
listen 443 ssl;
server_name YOUR_CI_CD_IP;
ssl_certificate /etc/nginx/ssl/registry.crt;
ssl_certificate_key /etc/nginx/ssl/registry.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
# Proxy registry API requests
location /v2/ {
proxy_pass http://registry_api;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Proxy registry UI requests
location / {
proxy_pass http://registry_ui;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
EOF
fi
# Replace YOUR_CI_CD_IP with actual IP in nginx.conf
sed -i "s/YOUR_CI_CD_IP/YOUR_ACTUAL_CI_CD_IP/g" nginx.conf
# Start containers and check logs
docker compose up -d
# Wait a moment, then check logs
sleep 5
docker compose logs nginx
docker compose logs registry
# Exit SERVICE_USER shell
exit
```
**Important**: Replace `YOUR_ACTUAL_CI_CD_IP` with your actual CI/CD Linode IP address in the command above.
#### 4.7 Test Registry Setup #### 4.7 Test Registry Setup
```bash ```bash
@ -878,15 +732,22 @@ docker rmi localhost:8080/test:latest
# Clean up test file # Clean up test file
rm /tmp/test.Dockerfile rm /tmp/test.Dockerfile
# Clean up test repository using registry UI # Get the manifest digest for the 'latest' tag
# 1. Open your browser and go to: https://YOUR_CI_CD_IP:8080 curl -k -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
# 2. You should see the 'test' repository listed https://localhost:8080/v2/test/manifests/latest
# 3. Click on the 'test' repository
# 4. Click the delete button (trash icon) next to the 'latest' tag # Copy the "config.digest" value from the output above (starts with "sha256:")
# 5. Confirm the deletion # Then delete the tag using that digest:
# 6. The test repository should now be removed curl -k -X DELETE https://localhost:8080/v2/test/manifests/<digest>
# Run garbage collection to remove orphaned blobs
docker compose exec registry /bin/registry garbage-collect /etc/docker/registry/config.yml --delete-untagged
# Remove the repository directory structure
docker compose exec registry rm -rf /var/lib/registry/docker/registry/v2/repositories/test
# Verify registry is empty # Verify registry is empty
echo "Verifying registry is now empty..."
curl -k https://localhost:8080/v2/_catalog curl -k https://localhost:8080/v2/_catalog
# Exit SERVICE_USER shell # Exit SERVICE_USER shell